Log in

View Full Version : Any crackers idea???


Hero
April 18th, 2005, 09:44
Hi all
I don't know this is legal to ask this question here or not,But I want to know
what you will do if you want to protect your program for selling through web?
I know everything is crackable,I only want to make it longer to crack,and I will
assume that there is no dongle.
Can you suggest something for inspecting?

sincerely yours

JimmyClif
April 18th, 2005, 10:29
I think the best idea is to distribute a sh-tload of bad cracks and fake serials to the most common places yourself after you released your app. Add to most keygens and cracks a virus wrecking some havoc or completely effing up the install of your app and/or let it patch a little place somewhere which makes the app crash at random intervals and there you go..

People will register stating that they thought about using the crack but blah blah blah... for some crazy reason they decided to pay for your app.

Also be consistent.. add every week another 'keygen' or 'crack' and even though your app will be cracked in no time it will make it very hard for average Joe to get ahold of a working solution.

It's not the cracker you're fighting - it's the enduser who doesn't want to fork over the cash who is the enemy.

Jimmy

YesItsMe
April 18th, 2005, 12:34
It's a horrible suggestion! why should you do something like that? you might get on the nerves of cracking groups for spreading viruses in the name of cracks, you'll be facing the whole scene then, you'll end up having every bit of useless software that you release cracked at 0 day...

I think the best approach is not to make a full version available for public, instead a demo lacking the crucial functionality such as saving or printing with no option to enable that...you send the full version to your trusted customers after they pay you and let it be protected with something as strong as Themida 2004 and we'll see then if/when it gets cracked.

Woodmann
April 18th, 2005, 16:18
Howdy,

Quote:
you might get on the nerves of cracking groups for spreading viruses in the name of cracks.....


Are we to assume that people who host cracks actually check them beyond the basic virus scan ?

If you introduce a bogus serial/reg to enough places, it will be picked up by all of them. Once you have "market" saturation, you will have possibly defeated those who are looking for an easy answer. They want instant gratrification.

It doesnt need to have a virus, a bunch of malwares attached will do the job.

JimmyClif, I think your reply is brilliant.

Woodmann

esther
April 18th, 2005, 19:32
>you might get on the nerves of cracking groups for spreading viruses

I doubt that,Cracking groups will not risk their reputation on doing silly things , they aren't kiddies out there

JimmyClif
April 18th, 2005, 19:38
Well, thank you Woodmann.

Hero
April 18th, 2005, 22:01
Hi JimmyClif
Quote:
Add to most keygens and cracks a virus wrecking some havoc or completely effing up the install of your app and/or let it patch a little place somewhere which makes the app crash at random intervals and there you go..

I think this suggestion will affect your program itself,and making its tilte bad too.
I think this will not be a very good idea for all types of program.

Quote:
I think the best approach is not to make a full version available for public, instead a demo lacking the crucial functionality such as saving or printing with no option to enable that...you send the full version to your trusted customers after they pay you and let it be protected with something as strong as Themida 2004 and we'll see then if/when it gets cracked.

This can't be used for any application.For example you worked on an encryption
algorithm for your program for a long time.Do you want to get it open source?

By this question,I mean that if have access to all newly developed protection
allgorithms,and you add some checking features to your program,what will you
do for protection?What is the protection that you will use?And you will use what
checking and inspecting ways that make it harder to crack a program?
I asked this question here,because I think if a cracker wants to make a protection,
that protection will be the best one!


sincerely yours

Silver
April 19th, 2005, 08:53
Quote:
I asked this question here,because I think if a cracker wants to make a protection, that protection will be the best one!


Yes, it's the old "hire a thief to catch a thief" conundrum.

One point to take into account is the vast majority of cracks and keygens are not initially distributed widely across the net. Places like odaycn and the p2p networks pick them up as they slowly leak off the private group and 0day ftp/bbs's. So whilst I agree seeding the public distributions with bad files will impact some end users of the crack, there will always be a clear delineation between "good" cracks (on the group sites) and "bad" cracks out in the wide world. What you're proposing is essentially the same tactic as record companies seeding kazaa etc with bad MP3's - we know this doesn't work.

On that note, you may find this interesting: http://slashdot.org/article.pl?sid=05/04/18/1831256&tid=95&tid=188

I have had an idea for a protection system for a while that depends on distributing code sections between server and client. Although it would be totally impractical for a commercial app, as a theoretical protection system I believe it would be quite strong.

0xf001
April 19th, 2005, 09:57
Quote:
you might get on the nerves of cracking groups for spreading viruses in the name of cracks, you'll be facing the whole scene then, you'll end up having every bit of useless software that you release cracked at 0 day...


i also think this will not be the case until you submit your crack under the name of a known group then they of course have a reason

and i also like this approach!! it is reaching the goal as a side effect but imho it is very effective cool!

thandermax
April 19th, 2005, 11:14
Step 1)
Perform all the above mentioned tips
step 2)
Try to build your own packer.
step 3)
Use Threads instead of main message loop to check the REG validation. Use as many threads you can.
step 4)
If you could build a REG Check Device Driver (*.vxd or *.sys)which will check the REG CHK.
step 5)
Encrypt all the text used to show the user "The serial what u hav entered is fake ... etc.". Decrypt it in RunTime.
step 6)
Use Net check and upload all the registered user's info and check it Randomly.
Some firewall might block it (BLAH BLAH)
step 7)
use switch case type algorithem which is a bit confusing.

After all you have done , wait for atleast 1 year to crack to be available. HA HA.
Cause someone will find the trick SOMEDAY BUT SURE. But you can release new ver of your app.

HAPPY CODING
Regards,
ThanderMAX.

evaluator
April 19th, 2005, 11:58
forget all..

Here is my GOLD suggestion:

Make really GOOD program & you will Always(R) have customers..
.. & cr0cks, wich will indicate: your program worth to cr0ck;

SiGiNT
April 19th, 2005, 18:03
All the companies and individuals that are selling apps. they authored, are still making money, even if cracks are available, I think if you have a great app. you will always profit from it, just protect it as best you can and forget the malicious stuff - some of which might have legal implications, make the price reasonable and they will buy it - especially if they want upgrades and support, I'd buy a true VB5/6 decompiler in a hot second, I've even thought of buying one of the half-assed ones on the market.

SiGiNT

disavowed
April 20th, 2005, 00:04
Quote:
[Originally Posted by thandermax]If you could build a REG Check Device Driver (*.vxd or ...

No one in the world should be coding .vxd's anymore. They are incredibly outdated, deprecated, and were never officially documented to begin with.

TBone
April 20th, 2005, 12:31
If you really want a good protection system, don't let the user have all of the code in the first place. Use a client-server model and give the client app away for free. Then charge people to access your server. Obviously, this approach is better suited for some applications than others.

But seriously, as bandwidth keep increasing, I expect to see this sort of approach more often. Do all of the core, critical computation server-side, pipe only the output to the client and charge them a monthly/yearly/whatever fee for the service. Don't verify people at your server with some serial key - keep a database of unique accounts.

If you want to use the program for free, your options are to either steal someone else's account (difficult to get away with for long if the server doesn't allow multiple simultaneous connections), make an account with stolen credit card info, break into the servers, or write an emulator. The first option is impractical, the second and third are too risky and/or too difficult for most people, and the fourth option is enormously time consuming if your program has any complexity at all.

Hey, it works for Everquest

Hero
April 20th, 2005, 13:06
Thanks anyone for suggestion!
Quote:
If you really want a good protection system, don't let the user have all of the code in the first place.

What I think on,was the same idea as you suggest.But if you want to use it as
an client/server application,as you said,you need an powerfull server,and all users
should have an active network available.
This will not be acceptable for everyone.In addition you can't prove that your
application has no spyware or such programs,and this will affect your program.

sincerely yours